undefined | Better HN

0 pointsvasco2y ago0 comments

You need to hack the client for that vs just binding to a network port, or at least have access to a decryption key.

0 comments

Yes. Sometimes software will encrypt HTTP calls while relying on the operating system certificate authorities, so it's easy to intercept again using tools such as mitmproxy.

Sometimes you will be forced to hack the software, to allow interception or to replace a key. Unless they use a symmetric key that is easily found, but I have never seen that.

And then you have the monsters such as Widevine.

j / k navigate · click thread line to collapse

0 pointsvasco2y ago0 comments

You need to hack the client for that vs just binding to a network port, or at least have access to a decryption key.

0 comments

speedgoose2y ago

Yes. Sometimes software will encrypt HTTP calls while relying on the operating system certificate authorities, so it's easy to intercept again using tools such as mitmproxy.

Sometimes you will be forced to hack the software, to allow interception or to replace a key. Unless they use a symmetric key that is easily found, but I have never seen that.

And then you have the monsters such as Widevine.

j / k navigate · click thread line to collapse